registry  /  @snag-run/cli  /  0.2.4

@snag-run/cli@0.2.4

snag CLI — generate and view Snag Maps (Happy Path → Failure Map) from a PRD or spec.

Static Scan Results

scanned 8d ago · by rust-scanner

Static analysis completed at 65.0% confidence. No malicious behavior was detected; 7 low-signal pattern(s) were surfaced and cleared.

Static reason
No blocking static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 9 file(s), 95.8 KB of source, external domains: 127.0.0.1

Source & flagged code

1 flagged · loading source
dist/commands/map.jsView file
1import { createHash } from "node:crypto"; L2: import { execFile } from "node:child_process"; L3: import { mkdir, readFile, rename, rm, stat, writeFile } from "node:fs/promises"; ... L39: // `generate` and `checkIgnored` so the command's behavior (path mirroring, dir L40: // creation, atomic write, ignore warning, exit codes, error messages) is L41: // unit-tested without a network/LLM key or shelling out to git. ... L52: return injected; L53: const resolved = resolveLogLevels({}, { SNAG_LOG: process.env.SNAG_LOG }); L54: const levels = "error" in resolved ... L108: return mapAndPersist(file, { L109: cwd: deps.cwd ?? process.cwd(), L110: engineOpts: deps.engineOpts ?? {},
Low
Weak Crypto

Package source references weak cryptographic algorithms.

dist/commands/map.jsView on unpkg · L1

Findings

2 Medium5 Low
MediumNetwork
MediumEnvironment Vars
LowScripts Present
LowWeak Cryptodist/commands/map.js
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings